[driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
@ 2021-12-31 17:08 ` kernel test robot
  0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2021-12-31 17:08 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: kbuild-all, devel, linux-kernel

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

smatch warnings:
fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.

vim +59 fs/d_path.c

b0cfcdd9b9672e Linus Torvalds 2021-07-16  55  
b0cfcdd9b9672e Linus Torvalds 2021-07-16  56  static bool prepend(struct prepend_buffer *p, const char *str, int namelen)
b0cfcdd9b9672e Linus Torvalds 2021-07-16  57  {
b0cfcdd9b9672e Linus Torvalds 2021-07-16  58  	// Already overflowed?
b0cfcdd9b9672e Linus Torvalds 2021-07-16 @59  	if (p->len < 0)
b0cfcdd9b9672e Linus Torvalds 2021-07-16  60  		return false;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  61  
b0cfcdd9b9672e Linus Torvalds 2021-07-16  62  	// Will overflow?
b0cfcdd9b9672e Linus Torvalds 2021-07-16  63  	if (p->len < namelen) {
b0cfcdd9b9672e Linus Torvalds 2021-07-16  64  		// Fill as much as possible from the end of the name
b0cfcdd9b9672e Linus Torvalds 2021-07-16  65  		str += namelen - p->len;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  66  		p->buf -= p->len;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  67  		prepend_copy(p->buf, str, p->len);
b0cfcdd9b9672e Linus Torvalds 2021-07-16  68  		p->len = -1;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  69  		return false;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  70  	}
b0cfcdd9b9672e Linus Torvalds 2021-07-16  71  
b0cfcdd9b9672e Linus Torvalds 2021-07-16  72  	// Fits fully
ad08ae586586ea Al Viro        2021-05-12  73  	p->len -= namelen;
ad08ae586586ea Al Viro        2021-05-12  74  	p->buf -= namelen;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  75  	return prepend_copy(p->buf, str, namelen);
7a5cf791a74764 Al Viro        2018-03-05  76  }
7a5cf791a74764 Al Viro        2018-03-05  77  

:::::: The code at line 59 was first introduced by commit
:::::: b0cfcdd9b9672ea90642f33d6c0dd8516553adf2 d_path: make 'prepend()' fill up the buffer exactly on overflow

:::::: TO: Linus Torvalds <torvalds@linux-foundation.org>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
@ 2021-12-31 17:08 ` kernel test robot
  0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2021-12-31 17:08 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 2615 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

smatch warnings:
fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.

vim +59 fs/d_path.c

b0cfcdd9b9672e Linus Torvalds 2021-07-16  55  
b0cfcdd9b9672e Linus Torvalds 2021-07-16  56  static bool prepend(struct prepend_buffer *p, const char *str, int namelen)
b0cfcdd9b9672e Linus Torvalds 2021-07-16  57  {
b0cfcdd9b9672e Linus Torvalds 2021-07-16  58  	// Already overflowed?
b0cfcdd9b9672e Linus Torvalds 2021-07-16 @59  	if (p->len < 0)
b0cfcdd9b9672e Linus Torvalds 2021-07-16  60  		return false;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  61  
b0cfcdd9b9672e Linus Torvalds 2021-07-16  62  	// Will overflow?
b0cfcdd9b9672e Linus Torvalds 2021-07-16  63  	if (p->len < namelen) {
b0cfcdd9b9672e Linus Torvalds 2021-07-16  64  		// Fill as much as possible from the end of the name
b0cfcdd9b9672e Linus Torvalds 2021-07-16  65  		str += namelen - p->len;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  66  		p->buf -= p->len;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  67  		prepend_copy(p->buf, str, p->len);
b0cfcdd9b9672e Linus Torvalds 2021-07-16  68  		p->len = -1;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  69  		return false;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  70  	}
b0cfcdd9b9672e Linus Torvalds 2021-07-16  71  
b0cfcdd9b9672e Linus Torvalds 2021-07-16  72  	// Fits fully
ad08ae586586ea Al Viro        2021-05-12  73  	p->len -= namelen;
ad08ae586586ea Al Viro        2021-05-12  74  	p->buf -= namelen;
b0cfcdd9b9672e Linus Torvalds 2021-07-16  75  	return prepend_copy(p->buf, str, namelen);
7a5cf791a74764 Al Viro        2018-03-05  76  }
7a5cf791a74764 Al Viro        2018-03-05  77  

:::::: The code at line 59 was first introduced by commit
:::::: b0cfcdd9b9672ea90642f33d6c0dd8516553adf2 d_path: make 'prepend()' fill up the buffer exactly on overflow

:::::: TO: Linus Torvalds <torvalds@linux-foundation.org>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
  2021-12-31 17:08 ` kernel test robot
@ 2021-12-31 19:35   ` Al Viro
  -1 siblings, 0 replies; 8+ messages in thread
From: Al Viro @ 2021-12-31 19:35 UTC (permalink / raw)
  To: kernel test robot; +Cc: Greg Kroah-Hartman, kbuild-all, devel, linux-kernel

On Sat, Jan 01, 2022 at 01:08:41AM +0800, kernel test robot wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
> head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
> commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
> config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp@intel.com/config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> 
> smatch warnings:
> fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.

What do you mean, "unsigned p->len"?

->len really *can* be negative - that's how running out of buffer is indicated.

Greg, I stand by the comment I made back in July - this kind of "hardening" is
useless; there's no legitimate reason to pass a huge buffer length, especially
since there's a limit on the length of pathname any syscall would accept.
See https://www.spinics.net/lists/linux-fsdevel/msg200370.html for the
variant I would prefer.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
@ 2021-12-31 19:35   ` Al Viro
  0 siblings, 0 replies; 8+ messages in thread
From: Al Viro @ 2021-12-31 19:35 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 1185 bytes --]

On Sat, Jan 01, 2022 at 01:08:41AM +0800, kernel test robot wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
> head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
> commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
> config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp(a)intel.com/config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> 
> smatch warnings:
> fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.

What do you mean, "unsigned p->len"?

->len really *can* be negative - that's how running out of buffer is indicated.

Greg, I stand by the comment I made back in July - this kind of "hardening" is
useless; there's no legitimate reason to pass a huge buffer length, especially
since there's a limit on the length of pathname any syscall would accept.
See https://www.spinics.net/lists/linux-fsdevel/msg200370.html for the
variant I would prefer.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
  2021-12-31 19:35   ` Al Viro
@ 2022-01-01 13:08     ` Greg Kroah-Hartman
  -1 siblings, 0 replies; 8+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-01 13:08 UTC (permalink / raw)
  To: Al Viro; +Cc: kernel test robot, devel, kbuild-all, linux-kernel

On Fri, Dec 31, 2021 at 07:35:07PM +0000, Al Viro wrote:
> On Sat, Jan 01, 2022 at 01:08:41AM +0800, kernel test robot wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
> > head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
> > commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
> > config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp@intel.com/config)
> > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > 
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > 
> > smatch warnings:
> > fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
> 
> What do you mean, "unsigned p->len"?
> 
> ->len really *can* be negative - that's how running out of buffer is indicated.
> 
> Greg, I stand by the comment I made back in July - this kind of "hardening" is
> useless; there's no legitimate reason to pass a huge buffer length, especially
> since there's a limit on the length of pathname any syscall would accept.
> See https://www.spinics.net/lists/linux-fsdevel/msg200370.html for the
> variant I would prefer.

Sorry, yes, I agree with you, but never deleted this commit from this
"scratch" branch of mine.  I'll go rebase the branch and purge it from
the system so that 0-day doesn't hit it anymore, sorry for the noise.

greg k-h

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
@ 2022-01-01 13:08     ` Greg Kroah-Hartman
  0 siblings, 0 replies; 8+ messages in thread
From: Greg Kroah-Hartman @ 2022-01-01 13:08 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 1515 bytes --]

On Fri, Dec 31, 2021 at 07:35:07PM +0000, Al Viro wrote:
> On Sat, Jan 01, 2022 at 01:08:41AM +0800, kernel test robot wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
> > head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
> > commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
> > config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp(a)intel.com/config)
> > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > 
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > 
> > smatch warnings:
> > fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
> 
> What do you mean, "unsigned p->len"?
> 
> ->len really *can* be negative - that's how running out of buffer is indicated.
> 
> Greg, I stand by the comment I made back in July - this kind of "hardening" is
> useless; there's no legitimate reason to pass a huge buffer length, especially
> since there's a limit on the length of pathname any syscall would accept.
> See https://www.spinics.net/lists/linux-fsdevel/msg200370.html for the
> variant I would prefer.

Sorry, yes, I agree with you, but never deleted this commit from this
"scratch" branch of mine.  I'll go rebase the branch and purge it from
the system so that 0-day doesn't hit it anymore, sorry for the noise.

greg k-h

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
  2022-01-01 13:08     ` Greg Kroah-Hartman
@ 2022-01-01 18:40       ` Al Viro
  -1 siblings, 0 replies; 8+ messages in thread
From: Al Viro @ 2022-01-01 18:40 UTC (permalink / raw)
  To: Greg Kroah-Hartman; +Cc: kernel test robot, devel, kbuild-all, linux-kernel

On Sat, Jan 01, 2022 at 02:08:54PM +0100, Greg Kroah-Hartman wrote:
> On Fri, Dec 31, 2021 at 07:35:07PM +0000, Al Viro wrote:
> > On Sat, Jan 01, 2022 at 01:08:41AM +0800, kernel test robot wrote:
> > > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
> > > head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
> > > commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
> > > config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp@intel.com/config)
> > > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > > 
> > > If you fix the issue, kindly add following tag as appropriate
> > > Reported-by: kernel test robot <lkp@intel.com>
> > > 
> > > smatch warnings:
> > > fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
> > 
> > What do you mean, "unsigned p->len"?
> > 
> > ->len really *can* be negative - that's how running out of buffer is indicated.
> > 
> > Greg, I stand by the comment I made back in July - this kind of "hardening" is
> > useless; there's no legitimate reason to pass a huge buffer length, especially
> > since there's a limit on the length of pathname any syscall would accept.
> > See https://www.spinics.net/lists/linux-fsdevel/msg200370.html for the
> > variant I would prefer.
> 
> Sorry, yes, I agree with you, but never deleted this commit from this
> "scratch" branch of mine.  I'll go rebase the branch and purge it from
> the system so that 0-day doesn't hit it anymore, sorry for the noise.

OK...  I'll probably throw something along the lines of "negative => EINVAL,
positive greater than 32Kb - adjust the buffer and length to the last 32Kb
of what had been passed" into the misc queue.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
@ 2022-01-01 18:40       ` Al Viro
  0 siblings, 0 replies; 8+ messages in thread
From: Al Viro @ 2022-01-01 18:40 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 1829 bytes --]

On Sat, Jan 01, 2022 at 02:08:54PM +0100, Greg Kroah-Hartman wrote:
> On Fri, Dec 31, 2021 at 07:35:07PM +0000, Al Viro wrote:
> > On Sat, Jan 01, 2022 at 01:08:41AM +0800, kernel test robot wrote:
> > > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup
> > > head:   a04bbe0a2c7e98669e11a47f94e53dd8228bbeba
> > > commit: e95d5bed5d58c2f5352969369827e7135fa2261e [4/5] fs: make d_path-like functions all have unsigned size
> > > config: i386-randconfig-m031-20211228 (https://download.01.org/0day-ci/archive/20220101/202201010156.bJvO7Gaw-lkp(a)intel.com/config)
> > > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> > > 
> > > If you fix the issue, kindly add following tag as appropriate
> > > Reported-by: kernel test robot <lkp@intel.com>
> > > 
> > > smatch warnings:
> > > fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero.
> > 
> > What do you mean, "unsigned p->len"?
> > 
> > ->len really *can* be negative - that's how running out of buffer is indicated.
> > 
> > Greg, I stand by the comment I made back in July - this kind of "hardening" is
> > useless; there's no legitimate reason to pass a huge buffer length, especially
> > since there's a limit on the length of pathname any syscall would accept.
> > See https://www.spinics.net/lists/linux-fsdevel/msg200370.html for the
> > variant I would prefer.
> 
> Sorry, yes, I agree with you, but never deleted this commit from this
> "scratch" branch of mine.  I'll go rebase the branch and purge it from
> the system so that 0-day doesn't hit it anymore, sorry for the noise.

OK...  I'll probably throw something along the lines of "negative => EINVAL,
positive greater than 32Kb - adjust the buffer and length to the last 32Kb
of what had been passed" into the misc queue.

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2022-01-01 18:41 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-31 17:08 [driver-core:debugfs_cleanup 4/5] fs/d_path.c:59 prepend() warn: unsigned 'p->len' is never less than zero kernel test robot
2021-12-31 17:08 ` kernel test robot
2021-12-31 19:35 ` Al Viro
2021-12-31 19:35   ` Al Viro
2022-01-01 13:08   ` Greg Kroah-Hartman
2022-01-01 13:08     ` Greg Kroah-Hartman
2022-01-01 18:40     ` Al Viro
2022-01-01 18:40       ` Al Viro

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.